Fortinet Endpoint Solution For Enterprise, FortiClient is prone to a
local privilege escalation due to the improper device filtering carried
out by its filter driver, fortimon.sys .

The driver affected filters certain devices, enabling pass-through
filtering. However, its own Device's DeviceExtension is not correclty
initialized so any logged user could force the kernel to operate with
user-mode controlled memory just by direclty issuing a special request
to the driver's device.

This leads to local arbitrary code execution in the context of the
kernel. Even Guest users can elevate privileges to SYSTEM.